Cloud-init using config drive
This section describes how to bootstrap a FortiADC-VM in VMware vCenter using config drive. Use this guide if you are deploying VMs on VMware vCenter or standalone ESX and would like to preconfigure the FortiADC-VM so that it boots with a predetermined configuration and a valid license.
Verify that the config drive functionality is available for your FortiADC-VM version in the release notes. FortiADC-VM supports version 2 of the config-drive capabilities. Cloud-Init config drive was initially created for OpenStack and other cloud environments and is a capability available on the FortiADC-VM even when booting within a VMware vCenter or standalone ESX environment. Config drive also allows the administrator to pass both day zero configuration scripts and FAD-VM licenses to the FortiADC on initial boot.
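To pass a config drive to the FortiADC-VM, you must first create a directory structure and place the license file and the configuration script file in the appropriate places: the license goes in config-drive/openstack/content/0000 and the configuration script in config-drive/openstack/latest/user_data. The full directory listing is shown under ESXi cloud init reference at the end of this section.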
FortiADC-VM license file
The contents of the FAD-VM license file go into the 0000 file. Generally one would cat the license file and redirect the output into the config-drive/openstack/content/0000 file.
fad-user@ubuntu:/var/tmp$ cat config-drive/openstack/content/0000
-----BEGIN FAD VM LICENSE-----
#-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-# #-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-# #-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-#
-----END FAD VM LICENSE-----
fad-user@ubuntu:/var/tmp$
FortiADC configuration script
The configuration script for a FortiADC-VM uses standard FortiADC CLI syntax. Here is a simple example, where the hostname is Example-Day0 and port1 is configured to use your designated IP address:
fad-user@ubuntu:/var/tmp$ cat config-drive/openstack/latest/user_data
config system global
set hostname Example-Day0
end
config system interface
edit port1
set mode static
set ip 10.106.170.53/24
set allowaccess https ssh ping
end
fad-user@ubuntu:/var/tmp$
Create the Config Drive ISO
- Create the config-drive ISO using a utility such as xorriso (other utilities, such as mkisofs, can also be used to create ISOs). This example runs xorriso against the config-drive directory created above, which holds the license file and the configuration script. Here is an example of creating a config-drive ISO on an Ubuntu host:
xorriso -as mkisofs -V config-2 -o Day0-CFG-Drive.iso config-drive/
xorriso 1.3.2 : RockRidge filesystem manipulator, libburnia project.
Drive current: -outdev 'stdio:Day0-CFG-Drive.iso'
Media current: stdio file, overwriteable
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data, 14.3g free
xorriso : WARNING : -volid text does not comply to ISO 9660 / ECMA 119 rules
Added to ISO image: directory '/'='/var/tmp/config-drive'
xorriso : UPDATE : 5 files added in 1 seconds
xorriso : UPDATE : 5 files added in 1 seconds
ISO image produced: 185 sectors
Written to medium : 185 sectors at LBA 0
Writing to 'stdio:Day0-CFG-Drive.iso' completed successfully.
ls -l Day0-CFG-Drive.iso
-rw-rw-r-- 1 fad-user fad-user 378880 Apr 2 13:32 Day0-CFG-Drive.iso
- Now that the configuration drive has been created, place the ISO on the data store so that it can be used with FortiADC-VMs.
- Deploy the FortiADC-VM using an OVF template.
- At the end of the OVF template deployment, make sure to deselect Power on after deployment if the option is present. This lets you attach the config-drive ISO as a CD-ROM device before the initial boot.
- Edit the virtual machine settings.
- Add a new device: CD/DVD drive, and make sure to select Connect at power on.
- Attach the Day0-CFG-Drive.iso ISO that you created earlier.
- Complete your changes, then navigate to the VM to boot it.
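The staging and ISO build steps above as one script, with pre-flight checks on the two input files before anything is written. This is an added example, not Fortinet's own tooling; the function names and the input file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: stage the config-drive tree described on this page, then build
# the ISO. Function names and argument order are assumptions for illustration.

# stage_config_drive LICENSE_FILE USER_DATA_FILE OUT_DIR
# Returns 0 on success, 1 for a bad license file, 2 for an empty script.
stage_config_drive() {
    lic=$1; cfg=$2; out=$3

    # The license must carry both markers shown in the 0000 file on this page.
    grep -q -- '-----BEGIN FAD VM LICENSE-----' "$lic" &&
    grep -q -- '-----END FAD VM LICENSE-----' "$lic" || {
        echo "license markers missing in $lic" >&2; return 1; }

    # An empty script would boot the VM licensed but unconfigured.
    [ -s "$cfg" ] || { echo "empty user_data: $cfg" >&2; return 2; }

    # The tree holds a license and management-interface settings, so create
    # it owner-only instead of with the shell's default umask.
    (
        umask 077
        mkdir -p "$out/openstack/content" "$out/openstack/latest" &&
        cp "$lic" "$out/openstack/content/0000" &&
        cp "$cfg" "$out/openstack/latest/user_data"
    )
}

# build_config_drive_iso OUT_DIR ISO_PATH
# Same xorriso invocation as on this page, keeping the config-2 volume label.
build_config_drive_iso() {
    command -v xorriso >/dev/null 2>&1 || {
        echo "xorriso not installed" >&2; return 3; }
    xorriso -as mkisofs -V config-2 -o "$2" "$1/" &&
    # Record a digest so the copy on the datastore can be compared later.
    sha256sum "$2" > "$2.sha256"
}

# Usage (FAD.lic and day0.conf are hypothetical file names):
#   stage_config_drive FAD.lic day0.conf config-drive &&
#   build_config_drive_iso config-drive Day0-CFG-Drive.iso
```

Comparing the recorded SHA-256 against the ISO after upload confirms that the image attached to the VM is the one that was built.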
Results and verification
Boot the FortiADC-VM and open the console to verify that the VM is booting and using the license file and day zero configuration file that you provided. Follow these verification steps:
- Power on the VM.
- Go to the Console. Verify that you see the Configuration and VM license installed message and the subsequent reload.
- Upon completion of the boot sequence, verify that the FortiADC-VM hostname changed to Example-Day0. Also verify that the license file is verified and the license registration status changed to VALID.
- After logging in, use the get system status command to verify that the license is uploaded.
- Use the get system interface port1 command to verify that port1 is configured.
ESXi cloud init reference
For ESXi the utility xorriso is used on a Linux host to create the ISO used to boot the VM. The directory structure used to create the ISO is described below.
After the ISO is created you must upload it to your datastore of choice and attach it to the FortiADC-VM after deploying the OVF but before booting it up for the first time.
ls -lR config-drive/
config-drive/:
total 4
drwxrwxr-x 4 fad-user fad-user 4096 Apr 2 11:59 openstack
config-drive/openstack:
total 8
drwxrwxr-x 2 fad-user fad-user 4096 Apr 2 12:07 content
drwxrwxr-x 2 fad-user fad-user 4096 Apr 2 12:06 latest
config-drive/openstack/content:
total 4
-rw-rw-r-- 1 fad-user fad-user 287 Apr 2 11:00 0000
config-drive/openstack/latest:
total 4
-rw-r--r-- 1 fdc-user fdc-user 172 Apr 2 11:06 user_data
cat config-drive/openstack/content/0000
-----BEGIN FAD VM LICENSE-----
#-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-# #-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-# #-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-REDACTED-#
-----END FAD VM LICENSE-----
cat config-drive/openstack/latest/user_data
config system global
set hostname Example-Day0
end
config system interface
edit port1
set mode static
set ip 10.106.170.53/24
set allowaccess https ssh ping
end
xorriso -as mkisofs -V config-2 -o Day0-CFG-Drive.iso config-drive/
xorriso 1.3.2 : RockRidge filesystem manipulator, libburnia project.
Drive current: -outdev 'stdio:Day0-CFG-Drive.iso'
Media current: stdio file, overwriteable
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data, 14.3g free
xorriso : WARNING : -volid text does not comply to ISO 9660 / ECMA 119 rules
Added to ISO image: directory '/'='/var/tmp/config-drive'
xorriso : UPDATE : 5 files added in 1 seconds
xorriso : UPDATE : 5 files added in 1 seconds
ISO image produced: 185 sectors
Written to medium : 185 sectors at LBA 0
Writing to 'stdio:Day0-CFG-Drive.iso' completed successfully.
ls -l Day0-CFG-Drive.iso
-rw-rw-r-- 1 fad-user fad-user 378880 Apr 2 11:32 Day0-CFG-Drive.iso